--On Wednesday, December 14, 2016 9:05 PM +0000 "Real, Elizabeth (392K)" Elizabeth.Real@jpl.nasa.gov wrote:
> Hello,
> I'm running OpenLDAP 2.4.40
Upgrade immediately to 2.4.44. The 2.4.40 release was seriously flawed and had numerous critical bugs around replication.
> In looking at ways to improve performance of ldap, is slapindex a tool to use? Meaning after importing user accounts from an older ldap, should slapindex be run? Or is this tool used when you want to modify/add entries found in the slapd (cn=config.ldif) and database (olcDatabase={2}hdb.ldif) configuration files, not when users are added to the ldap database?
Stop using back-hdb. Switch to back-mdb.
If you already had indices defined for the database when you did the import, there is no reason to run slapindex. Slapindex should only be used if you've added a /new/ index to your database. If you are using cn=config and add a new index, there will be a background thread that will eventually index the entire DB.
Whether or not you need to add indexing for given attribute(s) can be discovered by examining the logs generated by slapd, which will file a complaint if there is a search performed on an unindexed attribute. You would need to examine the specific search to see what type(s) of indexing may be required.
> If slapindex is not a tool to use to monitor performance, what do you recommend?
slapindex has never been a tool to monitor anything. It is purely for (re)generating indices on an existing DB.
Hope that helps!
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Thank you for the quick response.
I have spent a lot of time configuring version 2.4.40. Is there a guide on how to upgrade to 2.4.44 and switch to back-mdb? We rolled out 2.4.40 today and would need to plan the next upgrade.
I did already have indices defined for the database when I did the import.
What tool do you recommend for monitoring ldap performance?
Thank you, Liz
From: Quanah Gibson-Mount quanah@symas.com
Reply-To: Quanah Gibson-Mount quanah@symas.com
Date: Wednesday, December 14, 2016 at 1:21 PM
To: "Real, Elizabeth (392K)" Elizabeth.Real@jpl.nasa.gov, "openldap-technical@openldap.org" openldap-technical@openldap.org
Subject: Re: OpenLDAP performance and slapindex
Quanah,
I found these entries on both ldap server logs. So do these entries mean that slapindex needs to be executed?
# less /var/log/ldap.log | grep index
Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (uid) not indexed
Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (memberUid) not indexed
Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (uid) not indexed
Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (memberUid) not indexed
Thank you, Liz
On 15.12.2016 at 21:27, Real, Elizabeth (392K) wrote:
> Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (uid) not indexed
> Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (memberUid) not indexed
I would build an index if these lines are logged.
Maybe the "bdb_equality_candidates" could tell you what kind of index you need. That's what I don't know...
Andreas
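The log check described in the thread, applied to log lines of the kind posted above, as an added example (not part of any message in the thread and not OpenLDAP project code): it tallies slapd's "not indexed" complaints and turns them into olcDbIndex values for cn=config. The message names other than bdb_equality_candidates, the mdb_ prefix, the sample lines beyond the thread's excerpt, and the database DN (derived from the olcDatabase={2}hdb.ldif file name) are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the first three lines repeat the thread's log excerpt;
# the substring line and the SRCH line are made up for illustration.
SAMPLE_LOG = """\
Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (uid) not indexed
Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (memberUid) not indexed
Dec 15 12:22:01 slapd[27852]: <= bdb_equality_candidates: (uid) not indexed
Dec 15 12:22:02 slapd[27852]: <= bdb_substring_candidates: (uid) not indexed
Dec 15 12:22:03 slapd[27852]: conn=1001 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=liz)"
"""

# Filter type named in the log message -> slapd index keyword (assumed mapping).
INDEX_KEYWORD = {"equality": "eq", "substring": "sub",
                 "presence": "pres", "approx": "approx"}

# back-bdb/back-hdb messages carry a bdb_ prefix; mdb_ is assumed for back-mdb.
NOT_INDEXED = re.compile(
    r"<= (?:bdb|mdb)_([a-z]+)_candidates: \(([^)]+)\) not indexed")

def unindexed_searches(log_text):
    """Count (attribute, index keyword) pairs slapd reported as not indexed."""
    hits = Counter()
    for line in log_text.splitlines():
        m = NOT_INDEXED.search(line)
        if m and m.group(1) in INDEX_KEYWORD:
            hits[(m.group(2), INDEX_KEYWORD[m.group(1)])] += 1
    return hits

def index_ldif(hits, db_dn, min_hits=1):
    """Build an ldapmodify change adding one olcDbIndex value per attribute."""
    per_attr = {}
    for (attr, kind), count in hits.items():
        if count >= min_hits:
            per_attr.setdefault(attr, set()).add(kind)
    if not per_attr:
        return ""
    lines = [f"dn: {db_dn}", "changetype: modify", "add: olcDbIndex"]
    for attr in sorted(per_attr, key=str.lower):
        lines.append(f"olcDbIndex: {attr} {','.join(sorted(per_attr[attr]))}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Hypothetical DN, derived from the olcDatabase={2}hdb.ldif file name.
    print(index_ldif(unindexed_searches(SAMPLE_LOG), "olcDatabase={2}hdb,cn=config"))
```

Compare the suggested values with the olcDbIndex values already present on the database entry before applying the change.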